Direct connections between nodes are in the same LAN (behind common NAT)

kolesnikov at infonetwork.ru
Tue Feb 22 02:00:00 CET 2011


Hi

I'm trying to implement a scheme in which the nodes will have a direct UDP tunnel to each other.
First, all nodes make a connection with one public node, and then make connections with each other.

And I came across the following problem: 
Remotely located nodes can establish a direct UDP connection, but the nodes that are in the same local network cannot, and all traffic goes through the public node.
In the log files I see that the nodes cannot agree on the MTU.

1298030480 tinc.vpn[4056]: No response to MTU probes from client_01

I understand this to mean that local nodes cannot receive MTU probe messages from each other, although they successfully receive these messages from the remote nodes.

Please tell me, how can I solve this problem?



Additional information:

I have 4 nodes:
1) VPNGATE - public node and all the other nodes are connected with it.
2) CLIENT_01, CLIENT_02 - nodes are located in the same LAN.
3) CLIENT_03 - remotely located node.


=== VPNGATE ===
tinc/vpn/hosts/vpngate
tinc/vpn/hosts/client_01
tinc/vpn/hosts/client_02
tinc/vpn/hosts/client_03

... tinc.conf:
AddressFamily = ipv4
BindToAddress = x.x.x.x (public IP address)
BindToInterface = eth0
Name = vpngate
Device = /dev/net/tun
PrivateKeyFile = /etc/tinc/vpn/rsa_key.priv
Mode = switch


=== CLIENT_0X ===
tinc/vpn/hosts/vpngate
tinc/vpn/hosts/client_0X

... tinc.conf:
AddressFamily = ipv4
Name = client_0X
ConnectTo = vpngate
Interface = tinc.vpn
PrivateKeyFile = C:\Program Files\tinc\vpn\rsa_key.priv
Mode = switch


=== HOST FILES ===
VPNGATE:
Compression = 9
Address = x.x.x.x (public IP address)
Subnet  = 192.168.10.0/24
Port = 655
-----BEGIN RSA PUBLIC KEY-----

CLIENT_0X:
Compression = 9
Subnet = 192.168.10.X/32
-----BEGIN RSA PUBLIC KEY-----


And when I have full connectivity:

ping CLIENT_01 ---> VPNGATE = 150 ms
ping CLIENT_01 ---> CLIENT_03 = 15 ms
ping CLIENT_01 ---> CLIENT_02 = 300 ms


Best regards, 
Dmitry Kolesnikov


